top of page
Writer's pictureBernard Kilonzo

Row-Level Security in Tableau: Ensuring Data Privacy and Compliance

row-level security in tableau

Overview

Row-Level Security (RLS) in Tableau is a critical feature that allows organizations to restrict data access at the row level based on user attributes. This ensures that users can only view data relevant to their roles, enhancing data privacy and compliance while streamlining access management.

Unlike traditional security models that limit access to entire datasets or dashboards, RLS enables different users to see different subsets of data within the same report or dashboard. For example, a sales team may need access to customer purchase information, while the finance team might only require revenue data.

Methods of Implementing Row-Level Security

  • User Filters: This method involves manually mapping users to specific values, such as regions or departments. For example, a user named "Kennedy" could be mapped to the "East" region, allowing her to see only relevant data. (Note, this approach requires ongoing maintenance as user roles change, necessitating updates and republishing of data sources).

  • Dynamic Filters with Calculated Fields: Users can create calculated fields that utilize functions like USERNAME () to dynamically filter data based on the logged-in user's identity. (Note, this method allows for more complex filtering logic and is adaptable as organizational needs evolve).

  • Data Policies via Virtual Connections: Introduced in Tableau 2021.4, this method centralizes RLS management through virtual connections and data policies. By applying a policy at the connection level, organizations can enforce row-level security across all content using that connection, reducing the risk of exposure due to improper permissions on individual workbooks. (Note, this approach is particularly beneficial for organizations with existing RLS mechanisms in their databases, allowing them to leverage established security frameworks).

How to Implement Row-Level Security Using Dynamic Filters

Using USERNAME () function, I am going to demonstrate how to implement row-level security using dynamic filters.

Using the sample – superstore dataset, lets use filters to control the kind of data accessible by different users. (The goal is to allow a user view ONLY data from their respective region)

sample dataset (primary dataset)

To achieve this, I have a security table containing the details of each username and region they should access.

security table

Join the sample – superstore dataset, with the security table using the common field “Region” as shown below.

combining the datasets by joining them

Using USERNAME () function, create a calculated field that will be used to control data access.

using USERNAME function in tableau

Note: USERNAME () function represents the name of the user signed into Tableau.

Add the calculated field “Dynamic filter” to the filters card and select TRUE. Alternatively, you can add it to the data source filters.

With that set, anytime a user views a dashboard or view, the filters will check their Tableau Server credentials and ONLY show the data associated with their region.

Conclusion

Row-Level Security in Tableau is an essential feature for organizations looking to manage sensitive data effectively while providing tailored access based on user roles. By employing a combination of user filters, dynamic calculated fields, and centralized data policies, businesses can ensure that their data governance strategies are robust and compliant with privacy standards.

If you like the work we do and would like to work with us, drop us an email on our contacts page and we’ll reach out!

Thank you for reading!

bottom of page